Is Symantec Blaming CIA for Global Hacks?


Call it a careful balancing act. On the one hand, Symantec says more than 40 hacks worldwide involved top-secret tools that were exposed recently by WikiLeaks' Vault 7 report. But on the other hand, the security software company isn't directly blaming the U.S. Central Intelligence Agency for the hacks -- despite the fact that some pundits think the tools connect back to the CIA.

Symantec, instead of calling out the CIA by name, calls the alleged hacker group "Longhorn." The security company says:

"Symantec has been protecting its customers from Longhorn’s tools for the past three years and has continued to track the group in order to learn more about its tools, tactics, and procedures.

The tools used by Longhorn closely follow development timelines and technical specifications laid out in documents disclosed by WikiLeaks. The Longhorn group shares some of the same cryptographic protocols specified in the Vault 7 documents, in addition to following leaked guidelines on tactics to avoid detection. Given the close similarities between the tools and techniques, there can be little doubt that Longhorn's activities and the Vault 7 documents are the work of the same group."

Longhorn infected 40 targets in at least 16 countries across the Middle East, Europe, Asia, and Africa, Symantec said. On one occasion a computer in the United States was compromised but, following infection, an uninstaller was launched within hours, which may indicate this victim was infected unintentionally, the security company added.

The CIA has neither confirmed nor denied whether WikiLeaks' Vault 7 report was accurate.

Joe Panettieri

Joe Panettieri is co-founder & editorial director of MSSP Alert and ChannelE2E, the two leading news & analysis sites for managed service providers in the cybersecurity market.